6.5

CVE-2018-11076

EPSS 0.4%
Veröffentlicht 26.11.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 03:42:37
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Emc Avamar Version7.2.0

Dell ≫ Emc Avamar Version7.2.1

Dell ≫ Emc Avamar Version7.3.0

Dell ≫ Emc Avamar Version7.3.1

Dell ≫ Emc Avamar Version7.4.0

Dell ≫ Emc Avamar Version7.4.1

Dell ≫ Emc Integrated Data Protection Appliance Version2.0

VMware ≫ Vsphere Data Protection Version6.0.0

VMware ≫ Vsphere Data Protection Version6.0.1

VMware ≫ Vsphere Data Protection Version6.0.2

VMware ≫ Vsphere Data Protection Version6.0.3

VMware ≫ Vsphere Data Protection Version6.0.4

VMware ≫ Vsphere Data Protection Version6.0.5

VMware ≫ Vsphere Data Protection Version6.0.6

VMware ≫ Vsphere Data Protection Version6.0.7

VMware ≫ Vsphere Data Protection Version6.0.8

VMware ≫ Vsphere Data Protection Version6.1.0

VMware ≫ Vsphere Data Protection Version6.1.1

VMware ≫ Vsphere Data Protection Version6.1.2

VMware ≫ Vsphere Data Protection Version6.1.3

VMware ≫ Vsphere Data Protection Version6.1.4

VMware ≫ Vsphere Data Protection Version6.1.5

VMware ≫ Vsphere Data Protection Version6.1.6

VMware ≫ Vsphere Data Protection Version6.1.7

VMware ≫ Vsphere Data Protection Version6.1.8

VMware ≫ Vsphere Data Protection Version6.1.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.6

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N

http://www.securitytracker.com/id/1042153

Third Party Advisory

VDB Entry

https://www.vmware.com/security/advisories/VMSA-2018-0029.html

Patch

Third Party Advisory

http://www.securityfocus.com/bid/105972

Third Party Advisory

VDB Entry

https://seclists.org/fulldisclosure/2018/Nov/50

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2018-11076

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-11076

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-11076

EUVD